Missing MOD disks did not need to be encrypted, says EDS

A lost MOD hard drive, which contained the personal details of members of the armed forces, did not have to be encrypted.

A lost MOD hard drive, which contained the personal details of members of the armed forces, did not have to be encrypted under Ministry of Defence procedures because it was held in secure premises, it has emerged.   

The drive could contain data on 100,000 members of the armed forces, and 600,000 potential recruits, according to reports.

Rob Fry, head of EDS Defence, told BBC Radio 5's Drive programme, "The hard drive was not encrypted but neither did it need to be, in terms of the protocols to which we and the Ministry of Defence work, when it sits inside a secure site."

The BBC also interviewed a Computer Weekly journalist, about the implications of the missing hard drive.

EDS reported the loss of the disk last wednesday, but it is not known when the drive disappeared.

The Ministry of Defence said in a statement that the hard drive may yet turn up at another secure site. It has conceded that the personal information of members of the armed forces might have been "compromised" by the loss of data on the drive.

The 1TB portable hard drive went missing from a secure EDS site at Hook in Surrey. 

MPs have criticised the loss of the hard drive, saying that a culture change is needed to prevent personal data going missing.

The MoD said in a statement, "On Wednesday 8 October we were informed by our contractor EDS that it was unable to account for a portable hard drive used in connection with the administration of Armed Forces personnel data. This came to light during a priority audit EDS are conducting to comply with the Cabinet Office data handling review. The MoD Police are investigating with EDS."

A spokesman for EDS said, "Following a data audit that we carried out under the terms of the Cabinet Office's Data Handling Review, we have been unable to account for a removable hard drive that was held in a secure location at our facility in Hook. We informed the MOD on Wednesday 8 October and we are working with them to investigate this, including to establish what data may have been on the hard drive. There is no evidence that security at the site has been breached."

Read more on IT risk management